Key Piece of The Identity Puzzle

John Fontana, who writes expert pieces about identity for Network World, just posted this piece, called “Microsoft Sets Key Piece of Identity Puzzle“.

Microsoft Wednesday released a beta of its most important tool to date for helping developers build applications that can plug into the company's Identity Metasystem and provide what amounts to a re-usable identity service for securing network resources.

Code-named Zermatt, the tools are a new extension to the .Net Framework 3.5 that helps developers more easily build applications that incorporate a claims-based identity model for authentication/authorization. Claims are a set of statements that identify a user and provide specific information such as title or purchasing authority…

John goes on to quote Stuart Kwan:

“The model is that when a user arrives at the applications, they bring claims that they fetched from an STS ahead of time,” says Stuart Kwan, director of program management for identity and access for Microsoft. “Zermatt is one part of building apps that can more easily plug into your environment. You use Zermatt so [applications] can use the STS in your environment.”

In fact, a network would have multiple STS nodes. Those nodes will eventually include Active Directory, which will have an STS built into the directory's Federation Services in the next version slated to ship sometime after 2008.

Microsoft will use the new Federation Services capabilities, Zermatt and STS technology to build toward its ultimate goal of an “identity bus.” The nirvana of the idea is that off-the-shelf applications could plug into the bus in order to authenticate users and provide access control.

In my view, as enterpise applications and desktop suites start to integrate with the identity metasystem, it will become obvious that businesses can build “business logic” into STS's and suddenly get a huge payoff by controlling access, identity and personalization in all their off-the shelf and enterprise-specific applications. This is going to be huge for developers, who will be able both to simplify and deliver value.

But back to John and Stuart:

Kwan says Zermatt also can be used to build an STS that would run on top of custom built stores of user data. He says Zermatt could be used to build applications that accept information from CardSpace, the user-centric identity system in Vista and XP.

The final release of Zermatt is expected by year-end.

It is the first time Microsoft has so directly written its sizeable development army into its Identity Metasystem, plan, which was outlined first in 2005 and defines a distributed identity architecture for multi-vendor platforms.